CreateRemoteThread 32-> 64和/或64-> 32 [英] CreateRemoteThread 32->64 and/or 64->32

问题描述

我需要一种在x64窗口中将CreateRemoteThread分为64位和32位进程的方法.我已经找到了如何找到目标进程的指令集，如何在目标进程中为组装底座分配内存，并且我几乎已经确定了如何处理地址空间随机化.

I need a way to CreateRemoteThread in x64 windows into both 64 and 32 bit processes. I've worked out how to find instruction set of target process, how to allocate memory in the target process for the assembly sled, and I've almost worked out what to do about address space randomization.

当指令集使用错误的指令集时，我不知道如何在远程进程上实际启动线程.

I don't know how to actually start the thread on the remote process when it is of the wrong instruction set.

注意:我不在乎您要解决的两个问题中的哪一个.我自己的exe可以是32位或64位(但是在知道目标进程的位数之前，我确实必须选择).

Notice: I don't care which of the two problems you solve. My own exe can be either 32 or 64 bits (but I really do have to choose before I know the number of bits of the target process).

在有人抱怨我真的不必这样做之前，请问Microsoft为什么我必须在所有打开的句柄上设置FILE_SHARE_DELETE，然后才能删除正在使用的文件.不，无法删除其他进程打开过的文件.

Before somebody complains that I really shouldn't have to do this, ask Microsoft why I have to set FILE_SHARE_DELETE on all open handles before I can delete a file that is in use. No, there's no way around needing to delete files that other process have open either.

推荐答案

CreateRemoteThread 32-> 64不起作用.

CreateRemoteThread 32->64 doesn't work.

CreateRemoteThread 64-> 32可用.

CreateRemoteThread 64->32 works.

这篇关于CreateRemoteThread 32-> 64和/或64-> 32的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！